First let me explain a few things
about MAC addresses. MAC stands for Media Access Control and in a sense the MAC
address is a computer's true name on a LAN. An Ethernet MAC address is a six
byte number, usually expressed as a twelve digit hexadecimal number (Example:
1AB4C234AB1F).

IPs are translated to MAC address
by a protocol called ARP (Address Resolution Protocol). Let's say a computer
with and IP of 192.168.1.1 wants to send information to another computer on the
LAN that has an IP of 192.168.1.2 . First 192.168.1.1 will send out a broadcast
to all stations on the LAN asking who has the IP 192.168.1.2. Then the box that
has 192.168.1.2 will respond to 192.168.1.1 with it's MAC address which is
cached in 192.168.1.1's ARP table for later use. To put this in Socratic Dialog
form (with just a touch of Stallone):

Host 1 (192.168.1.1): Yo
everyone on the LAN (FF:FF:FF:FF:FF:FF), who has the IP 192.168.1.2? My MAC is
DE:AD:BE:EF:CA:FE so you can respond back to me.

Host 2 (192.168.1.2): Hello
DE:AD:BE:EF:CA:FE, I have IP 192.168.1.2 and my MAC address is 12:34:56:78:90:12
so you can send your IP packets to me.

You can see the ARP table of a
box by dropping out to a command prompt and typing "arp –a" in Windows or just
"arp" in Linux. ARP can also work the other way by a host on the LAN sending its
MAC address to another machine on the LAN for preemptive caching unless the host
is configured to not accept un-requested ARP replies.

A person might want to change the
MAC address of a NIC for many reasons:

To get past MAC address filtering on a router. Valid MAC
addresses can be found by sniffing them and then the deviant user could
assume the MAC of a valid host. Having two hosts on the same network can cause some network stability problems,
but much of the time it's workable. This is one of the reasons why MIC
Address filtering on a wireless router is pointless. An attacker can just
sniff the MAC address out of the air while in monitor mode and set his WiFi
NIC to use it. Interestingly, a lot of hotels use MAC filtering in their
"pay to surf" schemes, so this method can be an instant in for cheap skate
road warriors.

Sniffing other connections on the network. By assuming
another host's MAC as their own they may receive packets not meant for them.
However, ARP poisoning is generally a better method than MAC spoofing to
accomplish this task.

So as to keep their burned in MAC address out of IDS and
security logs, thus keeping deviant behavior from being connected to their
hardware. For example, two of the main things a DHCP server logs when it
leases an IP to a client is the MAC address and host name. If you have a
wireless router look around on it's web interface for where it logs this
info. Luckily there are tools to randomize this information (MadMACs).

To pull off a denial of service attack, for instance
assuming the MAC of the gateway to a sub net might cause traffic problems.
Also, a lot of WiFi routers will lock up if a client tries to connect with
the same MAC as the router's BSSID.

Linux

To change your MAC address in
Linux (and most *nix system) is easy as pie. All it takes is two easy to script
commands:

ifconfig eth0 down hw ether
00:00:00:00:00:01

ifconfig eth0 up

These two little commands would
set your eth0 interface to use the MAC 00:00:00:00:00:01. Just plug in the NIC
you want to set and the MAC address you want to use into the commands above and
your done. Changing your MAC address is one of those things that is much easier
to do in Linux then under Windows.

Mac OS X

For versions of
OS X before Tiger (OS X 10.4) you will need this patch:

Apparently there are some problems changing your MAC
address in versions of OS X 10.5.6 and latter. Stefan Person sent me the
following note that should help you get it to work:

Due to a bug in OS X 10.5.6+, the built
in mac-address spoofing
function requires the following work around:

To determine your old mac-address:

ifconfig en1 | grep ether

Do not 'Turn Airport Off', instead deactivate your wireless card by:

Click 'Join Other Network...' and enter a fake SSID. Allow it to
attempt a connection and then go ahead and cancel the request. Your
card is now deactivated allowing us to proceed with the following
command:

sudo ifconfig en1 ether 00:11:22:33:44:55

Confirm using:

ifconfig en1 | grep ether

Windows 2000/XP/Vista: The Hard Way

In XP you can use the regedit to edit the
registry from a GUI or the reg command to edit it from the console, I'll be
using regedit. Information on all your NICs can be found the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\
. Under this key you will find a bunch of sub keys labeled as 0000, 00001, 0002
and so forth. We can assume any MAC address we want by finding the key that
controls the NIC we want to change, putting in a string value called
"NetworkAddress" and setting it to the MAC address we want to use formatted as a
twelve digit hex number (example: 000000000001). To find out which key is which
we can search through them for the value "DriverDesc" until we find the one that
matches the NIC we wish to alter. After you set "NetworkAddress" to the address
you want just restart the NIC by disabling it then enabling it (or in the case
of PCMCIA cards, just eject and reinsert). You can confirm the MAC address
change by using the "getmac" or "ipconfig /all" commands.

After I posted my article Benjamin E. Pratt emailed me some
other notes on changing your MAC address on different platforms and in different
ways:

BSD

1) Bring down the interface: "ifconfig xl0 down"

2) Enter new MAC address: "ifconfig xl0 link 00:00:00:AA:AA:AA"

3) Bring up the interface: "ifconfig xl0 up"

Linux

1) Bring down the interface: "ifconfig eth0 down"

2) Enter new MAC address: "ifconfig eth0 hw ether 00:00:00:AA:AA:AA"

3) Bring up the interface: "ifconfig eth0 up"

Windows 2000/XP
Method 1:

This is depending on the type of Network Interface Card (NIC) you have. If
you have a card that doesn't support Clone MAC address, then you have to go
to second method.

a) Go to Start->Settings->Control Panel and double click on Network and
Dial-up Connections.

b) Right click on the NIC you want to change the MAC address and click on
properties.

c) Under "General" tab, click on the "Configure" button

d) Click on "Advanced" tab

e) Under "Property section", you should see an item called "Network Address"
or "Locally Administered Address", click on it.

f) On the right side, under "Value", type in the New MAC address you want to
assign to your NIC. Usually this value is entered without the "-" between
the MAC address numbers.

g) Goto command prompt and type in "ipconfig /all" or "net config rdr" to
verify the changes. If the changes are not materialized, then use the second
method.

h) If successful, reboot your system.

Method 2:

This should work on all Windows 2000/XP systems

a) Go to Start -> Run, type "regedt32" to start registry editor. Do not use
"Regedit".

b) Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}".
Double click on it to expand the tree. The subkeys are 4-digit numbers,
which represent particular network adapters. You should see it starts with
0000, then 0001, 0002, 0003 and so on.

c) Find the interface you want by searching for the proper "DriverDesc" key.

d) Edit, or add, the string key "NetworkAddress" (has the data type "REG_SZ")
to contain the new MAC address.

e) Disable then re-enable the network interface that you changed (or reboot
the system).

Method 3:

Use the program Etherchange from http://ntsecurity.nu/toolbox/etherchange/

Windows 9x

Use the same method as Windows 2000/XP except for the registry key location
is "HKEY_LOCAL_MACHINE\System\ CurrentControlSet\Services\Class\Net" and you
must reboot your system.

History:
6/29/2009: Added note sent to me by Stefan Person.
a long time ago: First posted.